I am currently working on a project planning software that “tries” to utilize Java Webstart as its deployment method. Nowadays it is common practice that login dialogs also allow new users to register with the application and existing users to retrieve their password if they forgot it. When I was trying to implement these features I ran into all kinds of issues and finally gave up.
The problem is that login dialogs for webstart applications are stupid. They are not aware of the context in which they are running. All they “know” is that they were shown to the user as a result of a callback from the server. The callback is asking for a user name and a password. This is fine for a simple standard login, but not for an advanced one. How can a new user be created on the server without some kind of connection to the server? Especially if the server is not even known, which is the case when running the webstart client inside an application client container (ACC). The whole idea behind the ACC is to provide injection capabilities, hence freeing the application developer from configuring the initial context.